Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49605

Check permissions for different pages before displaying links in the preferences and my profile pages.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9
    • Fix Version/s: None
    • Component/s: Navigation
    • Labels:
    • Testing Instructions:
      Hide
      1. Login as an admin.
      2. Go to [Site administration  ► Users  ► Permissions  ► Define roles].
      3. Edit the 'Authenticated user' role.
      4. Change the capability 'moodle/blog:view' to 'Prevent'.
      5. Log in as a student.
      6. Go to the 'preferences' page. Check that there is no longer a link to 'Blog preferences'.
      7. Login as the admin.
      8. Go back and edit the 'Authenticated user' role.
      9. This time change the capability 'moodle/blog:namageexternal' to 'Prevent'.
      10. Login as a student.
      11. Go to the 'preferences' page. Check that there is no 'Blog' section and all the settings for the blog are not present.
      Show
      Login as an admin. Go to [Site administration  ► Users  ► Permissions  ► Define roles] . Edit the 'Authenticated user' role. Change the capability 'moodle/blog:view' to 'Prevent'. Log in as a student. Go to the 'preferences' page. Check that there is no longer a link to 'Blog preferences'. Login as the admin. Go back and edit the 'Authenticated user' role. This time change the capability 'moodle/blog:namageexternal' to 'Prevent'. Login as a student. Go to the 'preferences' page. Check that there is no 'Blog' section and all the settings for the blog are not present.
    • Affected Branches:
      MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip-MDL-49605-master
    • Sprint:
      Team '; drop tables Sprint 5

      Description

      At the moment there are no capability checks done on preferences and it is possible to navigate to a page that will display a capability error. The navigation menu would do these checks and remove the nodes if the user did not have permission to visit that page.

      The same should be done with the preferences and my profile pages.

        Attachments

          Activity

            People

            Assignee:
            abgreeve Adrian Greeve
            Reporter:
            abgreeve Adrian Greeve
            Peer reviewer:
            Damyon Wiese
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: